A potentially very dangerous vulnerability has been discovered in the latest version of popular BitTorrent client uTorrent. This could be exploited by attackers to take complete control of an affected system. This issue is due to a buffer overflow error when handling a “torrent” file containing an overly long “announce” URL, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into opening a specially crafted torrent file or visiting a malicious web page.

All version of uTorrent are affected, including latest version 1.6 build 474 and prior. There’s already a working exploit for this floating on the internet. No fixed version has been released, as this is really fresh stuff. Although this exploit could be very dangerous, you need to download the “infected” torrent first and use it with this client. I recommend waiting for a new version of uTorrent (should be available within few hours, max days) and downloading only from trusted websites such as NewTorrents.info where are all torrents checked.

There has been no update for utorrent ever since it was taken over by Bit Torrent Inc. So waiting for a new version without some DRM is being very optimistic. If there is no update to patch this, I will shift to FlashGet for torrents too.